Limit concurrency

APPLIES TO: All API Management tiers

The limit-concurrency policy prevents the enclosed policies from being executed by more than the specified number of requests at any time. When that number is exceeded, new requests fail immediately with a 429 Too Many Requests status code.

Caution

Due to the distributed nature of throttling architecture, rate limiting is never completely accurate. The difference between the configured and the actual number of allowed requests varies based on request volume and rate, backend latency, and other factors.

Note

Set a policy's elements and child elements in the order provided in the policy statement. Learn more about how to set or edit API Management policies.

Policy statement

<limit-concurrency key="expression" max-count="number">
        <!-- nested policy statements -->
</limit-concurrency>

Attributes

| Attribute | Description | Required | Default |
| --------- | ----------- | -------- | ------- |
| key | A string. Specifies the concurrency scope. Can be shared by multiple policies. Policy expressions are allowed. | Yes | N/A |
| max-count | An integer. Specifies the maximum number of requests that are allowed to enter the policy. Policy expressions aren't allowed. | Yes | N/A |
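
Because the key attribute accepts policy expressions, the concurrency scope can be computed per request. The following sketch is illustrative only: it assumes you want a separate concurrency limit for each client IP address, so it keys the policy on context.Request.IpAddress.

<limit-concurrency key="@(context.Request.IpAddress)" max-count="5">
        <!-- hypothetical: each client IP address gets its own pool of 5 concurrency slots -->
        <!-- nested policy statements -->
</limit-concurrency>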

Usage

Usage notes

  • The maximum number of requests enforced by API Management is lower when multiple capacity units are deployed in a region.

Example

The following example demonstrates how to limit the number of requests forwarded to a backend based on the value of a context variable.

<policies>
  <inbound>…</inbound>
  <backend>
    <limit-concurrency key="@((string)context.Variables["connectionId"])" max-count="3">
      <forward-request timeout="120"/>
    </limit-concurrency>
  </backend>
  <outbound>…</outbound>
</policies>
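
The example assumes that a connectionId context variable was populated earlier in the pipeline. A minimal sketch of one way to do that, assuming a hypothetical X-Connection-Id request header supplies the value, is to set the variable in the inbound section with the set-variable policy:

<inbound>
  <!-- Hypothetical: derive the concurrency key from a client-supplied header, falling back to a shared default -->
  <set-variable name="connectionId" value="@(context.Request.Headers.GetValueOrDefault("X-Connection-Id", "default"))" />
</inbound>

Requests that carry the same X-Connection-Id value then compete for the same three concurrency slots, while requests with different values are limited independently.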

Next steps

For more information about working with policies, see: